FMN: add a keytab for FASJSON access
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
parent
2b53f7bd03
commit
a060cef52e
2 changed files with 25 additions and 0 deletions
|
@ -139,6 +139,7 @@
|
||||||
file: service.yml
|
file: service.yml
|
||||||
objectname: service.yml
|
objectname: service.yml
|
||||||
|
|
||||||
|
# Routes
|
||||||
- role: openshift/route
|
- role: openshift/route
|
||||||
app: fmn
|
app: fmn
|
||||||
routename: frontend
|
routename: frontend
|
||||||
|
@ -166,6 +167,7 @@
|
||||||
annotations:
|
annotations:
|
||||||
haproxy.router.openshift.io/timeout: 5m
|
haproxy.router.openshift.io/timeout: 5m
|
||||||
|
|
||||||
|
# Secrets
|
||||||
- role: openshift/object
|
- role: openshift/object
|
||||||
app: fmn
|
app: fmn
|
||||||
template: secrets.yml
|
template: secrets.yml
|
||||||
|
@ -198,3 +200,10 @@
|
||||||
app: fmn
|
app: fmn
|
||||||
template: deploymentconfig.yml
|
template: deploymentconfig.yml
|
||||||
objectname: deploymentconfig.yml
|
objectname: deploymentconfig.yml
|
||||||
|
|
||||||
|
# Keytab for FASJSON access
|
||||||
|
- role: openshift/keytab
|
||||||
|
app: fmn
|
||||||
|
key: service.keytab
|
||||||
|
secret_name: keytab
|
||||||
|
service: fmn
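Review bot: The `openshift/keytab` entry in the last hunk sits after the `deploymentconfig.yml` object, so on a first run the DeploymentConfig is applied before the `keytab` secret it mounts exists. This assumes the role is what creates that secret, which is not visible on this page. Pods that reference a missing secret volume wait in ContainerCreating, so the first rollout may stall or time out. Consider moving the entry up under the new `# Secrets` heading, ahead of `template: deploymentconfig.yml`. The comment could also record the coupling with the template, e.g. `# secret_name/key must match secretName and KRB5_CLIENT_KTNAME in deploymentconfig.yml`.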
|
||||||
|
|
|
@ -87,6 +87,9 @@ spec:
|
||||||
- name: etc-fmn
|
- name: etc-fmn
|
||||||
mountPath: "/etc/fmn"
|
mountPath: "/etc/fmn"
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: keytab-volume
|
||||||
|
mountPath: /etc/keytabs
|
||||||
|
readOnly: true
|
||||||
- name: rabbitmq-ca-volume
|
- name: rabbitmq-ca-volume
|
||||||
mountPath: /etc/pki/rabbitmq/ca
|
mountPath: /etc/pki/rabbitmq/ca
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
@ -105,11 +108,16 @@ spec:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: fmn
|
name: fmn
|
||||||
key: oidc-client-secret
|
key: oidc-client-secret
|
||||||
|
- name: KRB5_CLIENT_KTNAME
|
||||||
|
value: /etc/keytabs/service.keytab
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: etc-fmn
|
- name: etc-fmn
|
||||||
configMap:
|
configMap:
|
||||||
name: fmn
|
name: fmn
|
||||||
|
- name: keytab-volume
|
||||||
|
secret:
|
||||||
|
secretName: keytab
|
||||||
- name: rabbitmq-ca-volume
|
- name: rabbitmq-ca-volume
|
||||||
mountPath: /etc/pki/rabbitmq/ca
|
mountPath: /etc/pki/rabbitmq/ca
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
@ -159,6 +167,9 @@ spec:
|
||||||
- name: etc-fmn
|
- name: etc-fmn
|
||||||
mountPath: "/etc/fmn"
|
mountPath: "/etc/fmn"
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: keytab-volume
|
||||||
|
mountPath: /etc/keytabs
|
||||||
|
readOnly: true
|
||||||
- name: fedora-messaging-ca-volume
|
- name: fedora-messaging-ca-volume
|
||||||
mountPath: /etc/pki/fedora-messaging/ca
|
mountPath: /etc/pki/fedora-messaging/ca
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
@ -171,10 +182,15 @@ spec:
|
||||||
env:
|
env:
|
||||||
- name: APP_SCRIPT
|
- name: APP_SCRIPT
|
||||||
value: ".s2i/run-consumer.sh"
|
value: ".s2i/run-consumer.sh"
|
||||||
|
- name: KRB5_CLIENT_KTNAME
|
||||||
|
value: /etc/keytabs/service.keytab
|
||||||
volumes:
|
volumes:
|
||||||
- name: etc-fmn
|
- name: etc-fmn
|
||||||
configMap:
|
configMap:
|
||||||
name: fmn
|
name: fmn
|
||||||
|
- name: keytab-volume
|
||||||
|
secret:
|
||||||
|
secretName: keytab
|
||||||
- name: fedora-messaging-ca-volume
|
- name: fedora-messaging-ca-volume
|
||||||
secret:
|
secret:
|
||||||
secretName: fedora-messaging-ca
|
secretName: fedora-messaging-ca
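Review bot: Both new `keytab-volume` definitions (`secret:` / `secretName: keytab`, in the second and fourth hunks) omit `defaultMode`, so the keytab is projected with the default 0644 mode and any process in the container can read it. A keytab is a long-lived Kerberos credential, so I would add `defaultMode: 0440` under each `secret:`, after confirming that the pod's UID/fsGroup can still read the file. The same keytab is also mounted into both pod specs. If only one of them actually queries FASJSON, drop the mount and `KRB5_CLIENT_KTNAME` from the other so the credential is exposed only where it is used.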
|
||||||
|
|